For example: Logged in user is permitted to access any resource (it means any URIs inside the site. The same below). Not logged in user is only permitted to access specified resource. Redirect to login page when URI not in "Allow List" is requested.

Precondition: 1. We deployed liferay PORTAL in webapps/ROOT, and a project containing a set of portlets in webapps/xyz.

What we have done. 1. We try to make a Servlet Filter in portlet, it can only filter the URI requested from the page that alreadyloaded, but can't hook the URI such as user typed in the browser address bar. 2. We try to make a Struts2 Interceptor in portlet, it can prevent from access some portlets, but before the interceptor fired, the page(which containing the portlets) had already shown.

Thank you very much Bart. Following your suggestion, We have tried to write a HOOK. servlet.service.events.pre=com.foo.hook.action.LoginAccessControlActionpublic class LoginAccessControlAction extends Action { public LoginAccessControlAction() { super(); }

It's deployed and work fine itself.The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.How can I obtain the real URL requested by user? Which is typed in address bar, or via AJAX etc.

Just another natural suggestion..., use public and private areas, where your public area would only contain a login page and the rest of portal content shall be defined in private zone. Does it address all your requirements? By default, any resource defined in private pages will not be accessible by guest users.